diff options
author | Jan Beulich <jbeulich@suse.com> | 2013-04-18 16:11:23 +0200 |
---|---|---|
committer | Jan Beulich <jbeulich@suse.com> | 2013-04-18 16:11:23 +0200 |
commit | 545607eb3cfeb2abf5742d1bb869734f317fcfe5 (patch) | |
tree | 6039c103db155c2f36625ffd75d7262d5dfdc5c4 /xen/arch/x86/domain_build.c | |
parent | fdac9515607b757c044e7ef0d61b1453ef999b08 (diff) | |
download | xen-545607eb3cfeb2abf5742d1bb869734f317fcfe5.tar.gz xen-545607eb3cfeb2abf5742d1bb869734f317fcfe5.tar.bz2 xen-545607eb3cfeb2abf5742d1bb869734f317fcfe5.zip |
x86: fix various issues with handling guest IRQs
- properly revoke IRQ access in map_domain_pirq() error path
- don't permit replacing an in use IRQ
- don't accept inputs in the GSI range for MAP_PIRQ_TYPE_MSI
- track IRQ access permission in host IRQ terms, not guest IRQ ones
(and with that, also disallow Dom0 access to IRQ0)
This is CVE-2013-1919 / XSA-46.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Diffstat (limited to 'xen/arch/x86/domain_build.c')
-rw-r--r-- | xen/arch/x86/domain_build.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/xen/arch/x86/domain_build.c b/xen/arch/x86/domain_build.c index c8f435db32..7ae084f21b 100644 --- a/xen/arch/x86/domain_build.c +++ b/xen/arch/x86/domain_build.c @@ -1080,7 +1080,7 @@ int __init construct_dom0( /* DOM0 is permitted full I/O capabilities. */ rc |= ioports_permit_access(dom0, 0, 0xFFFF); rc |= iomem_permit_access(dom0, 0UL, ~0UL); - rc |= irqs_permit_access(dom0, 0, d->nr_pirqs - 1); + rc |= irqs_permit_access(dom0, 1, nr_irqs_gsi - 1); /* * Modify I/O port access permissions. |